wpseek.com
A WordPress-centric search engine for devs and theme authors



send_origin_headers › WordPress Function

Since3.4.0
Deprecatedn/a
send_origin_headers ( No parameters )
Returns:
  • (string|false) Returns the origin URL if headers are sent. Returns false if headers are not sent.
Defined at:
Codex:

Sends Access-Control-Allow-Origin and related headers if the current request is from an allowed origin.

If the request is an OPTIONS request, the script exits with either access control headers sent, or a 403 response if the origin is not allowed. For other request methods, you will receive a return value.


Related Functions: rest_send_cors_headers, login_header, do_signup_header, send_nosniff_header, send_frame_options_header

Source 

function send_origin_headers() {
	$origin = get_http_origin();

	if ( is_allowed_http_origin( $origin ) ) {
		header( 'Access-Control-Allow-Origin: ' . $origin );
		header( 'Access-Control-Allow-Credentials: true' );
		if ( 'OPTIONS' === $_SERVER['REQUEST_METHOD'] ) {
			exit;
		}
		return $origin;
	}

	if ( 'OPTIONS' === $_SERVER['REQUEST_METHOD'] ) {
		status_header( 403 );
		exit;
	}

	return false;
}